nginx: code execution
| Package(s): | nginx | CVE #(s): | CVE-2013-2028 | ||||
| Created: | October 7, 2013 | Updated: | October 9, 2013 | ||||
| Description: | From the CVE entry:
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. | ||||||
| Alerts: |
| ||||||